wip

Numpsy · Sep 15, 2019 · 7ffb073 · 7ffb073
1 parent ab7f8c5
commit 7ffb073
Show file tree

Hide file tree

Showing 2 changed files with 197 additions and 5 deletions.
diff --git a/src/ICSharpCode.SharpZipLib/Encryption/ZipAESEncryptionStream.cs b/src/ICSharpCode.SharpZipLib/Encryption/ZipAESEncryptionStream.cs
@@ -0,0 +1,157 @@
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using ICSharpCode.SharpZipLib.Core;
+
+namespace ICSharpCode.SharpZipLib.Encryption
+{
+	/// <summary>
+	/// Encrypts AES ZIP entries.
+	/// </summary>
+	/// <remarks>
+	/// Based on information from http://www.winzip.com/aes_info.htm
+	/// and http://www.gladman.me.uk/cryptography_technology/fileencrypt/
+	/// </remarks>
+	internal class ZipAESEncryptionStream : Stream
+	{
+		// The transform to use for encryption.
+		private readonly ZipAESTransform transform;
+
+		// The output stream to write the encrypted data to.
+		private readonly Stream outputStream;
+
+		// Static to help ensure that multiple files within a zip will get different random salt
+		private static RandomNumberGenerator _aesRnd = RandomNumberGenerator.Create();
+
+		/// <summary>
+		/// Constructor
+		/// </summary>
+		/// <param name="stream">The stream on which to perform the cryptographic transformation.</param>
+		/// <param name="rawPassword">The password used to encrypt the entry.</param>
+		/// <param name="saltLength">The length of the salt to use.</param>
+		/// <param name="blockSize">The block size to use for transforming.</param>
+		public ZipAESEncryptionStream(Stream stream, string rawPassword, int saltLength, int blockSize)
+		{
+			// Set up stream.
+			this.outputStream = stream;
+
+			// Initialise the encryption transform.
+			var salt = new byte[saltLength];
+
+			// Salt needs to be cryptographically random, and unique per file
+			if (_aesRnd == null)
+				_aesRnd = RandomNumberGenerator.Create();
+			_aesRnd.GetBytes(salt);
+
+			this.transform = new ZipAESTransform(rawPassword, salt, blockSize, false);
+
+			// File format for AES:
+			// Size (bytes)   Content
+			// ------------   -------
+			// Variable       Salt value
+			// 2              Password verification value
+			// Variable       Encrypted file data
+			// 10             Authentication code
+			//
+			// Value in the "compressed size" fields of the local file header and the central directory entry
+			// is the total size of all the items listed above. In other words, it is the total size of the
+			// salt value, password verification value, encrypted data, and authentication code.
+			var pwdVerifier = this.transform.PwdVerifier;
+			this.outputStream.Write(salt, 0, salt.Length);
+			this.outputStream.Write(pwdVerifier, 0, pwdVerifier.Length);
+		}
+
+		// The final n bytes of the AES stream contain the Auth Code.
+		private const int AUTH_CODE_LENGTH = 10;
+
+		// Blocksize is always 16 here, even for AES-256 which has transform.InputBlockSize of 32.
+		private const int CRYPTO_BLOCK_SIZE = 16;
+
+		// total length of block + auth code
+		private const int BLOCK_AND_AUTH = CRYPTO_BLOCK_SIZE + AUTH_CODE_LENGTH;
+
+
+		private byte[] _slideBuffer;
+		private int _slideBufStartPos;
+		private int _slideBufFreePos;
+
+		// Buffer block transforms to enable partial reads
+		private byte[] _transformBuffer = null;// new byte[CRYPTO_BLOCK_SIZE];
+		private int _transformBufferFreePos;
+		private int _transformBufferStartPos;
+
+		// Do we have some buffered data available?
+		private bool HasBufferedData =>_transformBuffer != null && _transformBufferStartPos < _transformBufferFreePos;
+
+		// This stream is write only.
+		public override bool CanRead => false;
+
+		// We only support writing - no seeking about.
+		public override bool CanSeek => false;
+
+		// Supports writing for encrypting.
+		public override bool CanWrite => true;
+
+		// We don'tr track this.
+		public override long Length => throw new NotImplementedException();
+
+		// We don't track this, or suppor tseeking.
+		public override long Position { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
+
+		/// <summary>
+		/// When the stream is closed, write the final blocks and AES Authentication code
+		/// </summary>
+		public override void Close()
+		{
+			// Transform the final block.
+
+
+			// Write the AES Authentication Code (a hash of the compressed and encrypted data)
+			var authCode = this.transform.GetAuthCode();
+			this.outputStream.Write(authCode, 0, 10);
+		}
+
+		// <inheritdoc/>
+		public override void Flush()
+		{
+			this.outputStream.Flush();
+		}
+
+		// <inheritdoc/>
+		public override int Read(byte[] buffer, int offset, int count)
+		{
+			// ZipAESEncryptionStream is only used for encryption.
+			throw new NotImplementedException();
+		}
+
+		// <inheritdoc/>
+		public override long Seek(long offset, SeekOrigin origin)
+		{
+			// We don't support seeking.
+			throw new NotImplementedException();
+		}
+
+		// <inheritdoc/>
+		public override void SetLength(long value)
+		{
+			// We don't support setting the length.
+			throw new NotImplementedException();
+		}
+
+		/// <summary>
+		/// Writes a sequence of bytes to the current stream and advances the current position within this stream by the number of bytes written.
+		/// </summary>
+		/// <param name="buffer">An array of bytes. This method copies count bytes from buffer to the current stream. </param>
+		/// <param name="offset">The byte offset in buffer at which to begin copying bytes to the current stream. </param>
+		/// <param name="count">The number of bytes to be written to the current stream. </param>
+		public override void Write(byte[] buffer, int offset, int count)
+		{
+			if (count == 0)
+			{
+				return;
+			}
+
+
+		}
+	}
+}
diff --git a/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs b/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs
@@ -2133,6 +2133,12 @@ private void WriteLocalEntryHeader(ZipUpdate update)
 				ed.Delete(1);
 			}
 
+			// Write AES Data if needed
+			if (entry.AESKeySize > 0)
+			{
+				AddExtraDataAES(entry, ed);
+			}
+
 			entry.ExtraData = ed.GetEntryData();
 
 			WriteLEShort(name.Length);
@@ -2256,6 +2262,11 @@ private int WriteCentralDirectoryHeader(ZipEntry entry)
 				ed.Delete(1);
 			}
 
+			if (entry.AESKeySize > 0)
+			{
+				AddExtraDataAES(entry, ed);
+			}
+
 			byte[] centralExtraData = ed.GetEntryData();
 
 			WriteLEShort(centralExtraData.Length);
@@ -2310,6 +2321,22 @@ private int WriteCentralDirectoryHeader(ZipEntry entry)
 			return ZipConstants.CentralHeaderBaseSize + name.Length + centralExtraData.Length + rawComment.Length;
 		}
 
+		private static void AddExtraDataAES(ZipEntry entry, ZipExtraData extraData)
+		{
+			// Vendor Version: AE-1 IS 1. AE-2 is 2. With AE-2 no CRC is required and 0 is stored.
+			const int VENDOR_VERSION = 2;
+			// Vendor ID is the two ASCII characters "AE".
+			const int VENDOR_ID = 0x4541; //not 6965;
+			extraData.StartNewEntry();
+			// Pack AES extra data field see http://www.winzip.com/aes_info.htm
+			//extraData.AddLeShort(7);							// Data size (currently 7)
+			extraData.AddLeShort(VENDOR_VERSION);               // 2 = AE-2
+			extraData.AddLeShort(VENDOR_ID);                    // "AE"
+			extraData.AddData(entry.AESEncryptionStrength);     //  1 = 128, 2 = 192, 3 = 256
+			extraData.AddLeShort((int)entry.CompressionMethod); // The actual compression method used to compress the file
+			extraData.AddNewEntry(0x9901);
+		}
+
 		#endregion Writing Values/Headers
 
 		private void PostUpdateCleanup()
@@ -3634,9 +3661,16 @@ private Stream CreateAndInitDecryptionStream(Stream baseStream, ZipEntry entry)
 
 		private Stream CreateAndInitEncryptionStream(Stream baseStream, ZipEntry entry)
 		{
-			CryptoStream result = null;
-			if ((entry.Version < ZipConstants.VersionStrongEncryption)
-				|| (entry.Flags & (int)GeneralBitFlags.StrongEncryption) == 0)
+			if (entry.CompressionMethodForHeader == CompressionMethod.WinZipAES)
+			{
+				int blockSize = entry.AESKeySize / 8;   // bits to bytes
+
+				var aesStream =
+					new ZipAESEncryptionStream(baseStream, rawPassword_, entry.AESSaltLen, blockSize);
+
+				return aesStream;
+			}
+			else
 			{
 				var classicManaged = new PkzipClassicManaged();
 
@@ -3648,7 +3682,7 @@ private Stream CreateAndInitEncryptionStream(Stream baseStream, ZipEntry entry)
 
 				// Closing a CryptoStream will close the base stream as well so wrap it in an UncompressedStream
 				// which doesnt do this.
-				result = new CryptoStream(new UncompressedStream(baseStream),
+				CryptoStream result = new CryptoStream(new UncompressedStream(baseStream),
 					classicManaged.CreateEncryptor(key, null), CryptoStreamMode.Write);
 
 				if ((entry.Crc < 0) || (entry.Flags & 8) != 0)
@@ -3659,8 +3693,9 @@ private Stream CreateAndInitEncryptionStream(Stream baseStream, ZipEntry entry)
 				{
 					WriteEncryptionHeader(result, entry.Crc);
 				}
+
+				return result;
 			}
-			return result;
 		}
 
 		private static void CheckClassicPassword(CryptoStream classicCryptoStream, ZipEntry entry)